From cb6974bf5ba09ce668cbdd5565d25807f60c4134 Mon Sep 17 00:00:00 2001 From: Rashmi Chandrashekar Date: Thu, 22 Jul 2021 18:17:40 -0700 Subject: [PATCH 1/2] changes --- kubernetes/omsagent.yaml | 142 ++++++++++++++++++++++----------------- 1 file changed, 81 insertions(+), 61 deletions(-) diff --git a/kubernetes/omsagent.yaml b/kubernetes/omsagent.yaml index 855f3a8e1..b54987331 100644 --- a/kubernetes/omsagent.yaml +++ b/kubernetes/omsagent.yaml @@ -379,13 +379,19 @@ spec: memory: 225Mi env: # azure devops pipeline uses AKS_RESOURCE_ID and AKS_REGION hence ensure to uncomment these + - name: AKS_CLUSTER_NAME + value: "VALUE_AKS_CLUSTER_NAME" - name: AKS_RESOURCE_ID value: "VALUE_AKS_RESOURCE_ID_VALUE" - name: AKS_REGION value: "VALUE_AKS_RESOURCE_REGION_VALUE" + - name: FBIT_SERVICE_FLUSH_INTERVAL + value: "15" + - name: AKS_NODE_RESOURCE_GROUP + value: "VALUE_AKS_NODE_RESOURCE_GROUP" # this used for e2e test and setting this just emits some additional log statements which used for the e2e tests - - name: ISTEST - value: "true" + #- name: ISTEST + # value: "true" #Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters #- name: ACS_RESOURCE_NAME # value: "my_acs_cluster_name" @@ -400,6 +406,8 @@ spec: value: "" - name: AZMON_CONTAINERLOGS_ONEAGENT_REGIONS value: "koreacentral,norwayeast,eastus2" + - name: USING_AAD_MSI_AUTH + value: "false" securityContext: privileged: true ports: @@ -445,59 +453,65 @@ spec: periodSeconds: 60 timeoutSeconds: 15 #Only in sidecar scraping mode - - name: omsagent-prometheus - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod06112021" - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 75m - memory: 225Mi - env: - # azure devops pipeline uses AKS_RESOURCE_ID and AKS_REGION hence ensure to uncomment these - - name: AKS_RESOURCE_ID - value: "VALUE_AKS_RESOURCE_ID_VALUE" - - name: AKS_REGION - value: "VALUE_AKS_RESOURCE_REGION_VALUE" - #Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters - #- name: ACS_RESOURCE_NAME - # value: "my_acs_cluster_name" - - name: CONTAINER_TYPE - value: "PrometheusSidecar" - - name: CONTROLLER_TYPE - value: "DaemonSet" - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - # Update this with the user assigned msi client id for omsagent - - name: USER_ASSIGNED_IDENTITY_CLIENT_ID - value: "" - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/kubernetes/host - name: azure-json-path - - mountPath: /etc/omsagent-secret - name: omsagent-secret - readOnly: true - - mountPath: /etc/config/settings - name: settings-vol-config - readOnly: true - - mountPath: /etc/config/osm-settings - name: osm-settings-vol-config - readOnly: true - livenessProbe: - exec: - command: - - /bin/bash - - -c - - /opt/livenessprobe.sh - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 15 + # - name: omsagent-prometheus + # image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod06112021" + # imagePullPolicy: IfNotPresent + # resources: + # limits: + # cpu: 500m + # memory: 1Gi + # requests: + # cpu: 75m + # memory: 225Mi + # env: + # # azure devops pipeline uses AKS_RESOURCE_ID and AKS_REGION hence ensure to uncomment these + # - name: AKS_CLUSTER_NAME + # value: "VALUE_AKS_CLUSTER_NAME" + # - name: AKS_RESOURCE_ID + # value: "VALUE_AKS_RESOURCE_ID_VALUE" + # - name: AKS_REGION + # value: "VALUE_AKS_RESOURCE_REGION_VALUE" + # - name: AKS_NODE_RESOURCE_GROUP + # value: "VALUE_AKS_NODE_RESOURCE_GROUP" + # #Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters + # #- name: ACS_RESOURCE_NAME + # # value: "my_acs_cluster_name" + # - name: CONTAINER_TYPE + # value: "PrometheusSidecar" + # - name: CONTROLLER_TYPE + # value: "DaemonSet" + # - name: NODE_IP + # valueFrom: + # fieldRef: + # fieldPath: status.hostIP + # # Update this with the user assigned msi client id for omsagent + # - name: USER_ASSIGNED_IDENTITY_CLIENT_ID + # value: "" + # - name: USING_AAD_MSI_AUTH + # value: "false" + # securityContext: + # privileged: true + # volumeMounts: + # - mountPath: /etc/kubernetes/host + # name: azure-json-path + # - mountPath: /etc/omsagent-secret + # name: omsagent-secret + # readOnly: true + # - mountPath: /etc/config/settings + # name: settings-vol-config + # readOnly: true + # - mountPath: /etc/config/osm-settings + # name: osm-settings-vol-config + # readOnly: true + # livenessProbe: + # exec: + # command: + # - /bin/bash + # - -c + # - /opt/livenessprobe.sh + # initialDelaySeconds: 60 + # periodSeconds: 60 + # timeoutSeconds: 15 affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -599,13 +613,17 @@ spec: cpu: 150m memory: 250Mi env: + - name: AKS_CLUSTER_NAME + value: "VALUE_AKS_CLUSTER_NAME" - name: AKS_RESOURCE_ID value: "VALUE_AKS_RESOURCE_ID_VALUE" - name: AKS_REGION value: "VALUE_AKS_RESOURCE_REGION_VALUE" + - name: AKS_NODE_RESOURCE_GROUP + value: "VALUE_AKS_NODE_RESOURCE_GROUP" # this used for e2e test and setting this just emits some additional log statements which used for the e2e tests - - name: ISTEST - value: "true" + # - name: ISTEST + # value: "true" # Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters #- name: ACS_RESOURCE_NAME # value: "my_acs_cluster_name" @@ -620,7 +638,9 @@ spec: value: "" # Add the below environment variable to true only in sidecar enabled regions, else set it to false - name: SIDECAR_SCRAPING_ENABLED - value: "true" + value: "false" + - name: USING_AAD_MSI_AUTH + value: "false" securityContext: privileged: true ports: @@ -789,13 +809,13 @@ spec: fieldRef: fieldPath: status.hostIP - name: SIDECAR_SCRAPING_ENABLED - value: "true" + value: "false" # Update this with the user assigned msi client id for omsagent - name: USER_ASSIGNED_IDENTITY_CLIENT_ID value: "" # Add this only for clouds that require cert bootstrapping - - name: REQUIRES_CERT_BOOTSTRAP - value: "true" + # - name: REQUIRES_CERT_BOOTSTRAP + # value: "true" volumeMounts: - mountPath: C:\ProgramData\docker\containers name: docker-windows-containers From 912bc83cfb3fec69afd9b0b036acbe7dbae3a8d5 Mon Sep 17 00:00:00 2001 From: Rashmi Chandrashekar Date: Wed, 28 Jul 2021 18:10:24 -0700 Subject: [PATCH 2/2] fixing PR comments --- kubernetes/omsagent.yaml | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/kubernetes/omsagent.yaml b/kubernetes/omsagent.yaml index b54987331..0fb84083b 100644 --- a/kubernetes/omsagent.yaml +++ b/kubernetes/omsagent.yaml @@ -379,19 +379,13 @@ spec: memory: 225Mi env: # azure devops pipeline uses AKS_RESOURCE_ID and AKS_REGION hence ensure to uncomment these - - name: AKS_CLUSTER_NAME - value: "VALUE_AKS_CLUSTER_NAME" - name: AKS_RESOURCE_ID value: "VALUE_AKS_RESOURCE_ID_VALUE" - name: AKS_REGION value: "VALUE_AKS_RESOURCE_REGION_VALUE" - - name: FBIT_SERVICE_FLUSH_INTERVAL - value: "15" - - name: AKS_NODE_RESOURCE_GROUP - value: "VALUE_AKS_NODE_RESOURCE_GROUP" # this used for e2e test and setting this just emits some additional log statements which used for the e2e tests - #- name: ISTEST - # value: "true" + - name: ISTEST + value: "true" #Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters #- name: ACS_RESOURCE_NAME # value: "my_acs_cluster_name" @@ -613,17 +607,13 @@ spec: cpu: 150m memory: 250Mi env: - - name: AKS_CLUSTER_NAME - value: "VALUE_AKS_CLUSTER_NAME" - name: AKS_RESOURCE_ID value: "VALUE_AKS_RESOURCE_ID_VALUE" - name: AKS_REGION value: "VALUE_AKS_RESOURCE_REGION_VALUE" - - name: AKS_NODE_RESOURCE_GROUP - value: "VALUE_AKS_NODE_RESOURCE_GROUP" # this used for e2e test and setting this just emits some additional log statements which used for the e2e tests - # - name: ISTEST - # value: "true" + - name: ISTEST + value: "true" # Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters #- name: ACS_RESOURCE_NAME # value: "my_acs_cluster_name"